@parsrun/server 0.1.0

package/dist/middleware/index.js

@@ -0,0 +1,880 @@
+// src/context.ts
+function error(code, message, details) {
+  return {
+    success: false,
+    error: { code, message, details: details ?? void 0 }
+  };
+}
+function generateRequestId() {
+  return crypto.randomUUID();
+}
+
+// src/middleware/error-handler.ts
+var ApiError = class extends Error {
+  constructor(statusCode, code, message, details) {
+    super(message);
+    this.statusCode = statusCode;
+    this.code = code;
+    this.details = details;
+    this.name = "ApiError";
+  }
+  toResponse() {
+    return error(this.code, this.message, this.details);
+  }
+};
+var BadRequestError = class extends ApiError {
+  constructor(message = "Bad request", details) {
+    super(400, "BAD_REQUEST", message, details);
+    this.name = "BadRequestError";
+  }
+};
+var UnauthorizedError = class extends ApiError {
+  constructor(message = "Unauthorized", details) {
+    super(401, "UNAUTHORIZED", message, details);
+    this.name = "UnauthorizedError";
+  }
+};
+var ForbiddenError = class extends ApiError {
+  constructor(message = "Forbidden", details) {
+    super(403, "FORBIDDEN", message, details);
+    this.name = "ForbiddenError";
+  }
+};
+var NotFoundError = class extends ApiError {
+  constructor(message = "Not found", details) {
+    super(404, "NOT_FOUND", message, details);
+    this.name = "NotFoundError";
+  }
+};
+var ConflictError = class extends ApiError {
+  constructor(message = "Conflict", details) {
+    super(409, "CONFLICT", message, details);
+    this.name = "ConflictError";
+  }
+};
+var ValidationError = class extends ApiError {
+  constructor(message = "Validation failed", details) {
+    super(422, "VALIDATION_ERROR", message, details);
+    this.name = "ValidationError";
+  }
+};
+var RateLimitError = class extends ApiError {
+  constructor(message = "Too many requests", retryAfter) {
+    super(429, "RATE_LIMIT_EXCEEDED", message, { retryAfter });
+    this.retryAfter = retryAfter;
+    this.name = "RateLimitError";
+  }
+};
+var InternalError = class extends ApiError {
+  constructor(message = "Internal server error", details) {
+    super(500, "INTERNAL_ERROR", message, details);
+    this.name = "InternalError";
+  }
+};
+var ServiceUnavailableError = class extends ApiError {
+  constructor(message = "Service unavailable", details) {
+    super(503, "SERVICE_UNAVAILABLE", message, details);
+    this.name = "ServiceUnavailableError";
+  }
+};
+function errorHandler(options = {}) {
+  const {
+    includeStack = false,
+    onError,
+    errorTransport,
+    captureAllErrors = false,
+    shouldCapture
+  } = options;
+  return async (c, next) => {
+    try {
+      await next();
+    } catch (err) {
+      const error2 = err instanceof Error ? err : new Error(String(err));
+      const statusCode = error2 instanceof ApiError ? error2.statusCode : 500;
+      if (onError) {
+        onError(error2, c);
+      } else {
+        const logger = c.get("logger");
+        if (logger) {
+          logger.error("Request error", {
+            requestId: c.get("requestId"),
+            error: error2.message,
+            stack: error2.stack
+          });
+        }
+      }
+      if (errorTransport) {
+        const shouldCaptureError = shouldCapture ? shouldCapture(error2, statusCode) : captureAllErrors || statusCode >= 500;
+        if (shouldCaptureError) {
+          const user = c.get("user");
+          const tenant = c.get("tenant");
+          const errorContext = {
+            requestId: c.get("requestId"),
+            tags: {
+              path: c.req.path,
+              method: c.req.method,
+              statusCode: String(statusCode)
+            }
+          };
+          if (user?.id) {
+            errorContext.userId = user.id;
+          }
+          if (tenant?.id) {
+            errorContext.tenantId = tenant.id;
+          }
+          const extra = {
+            query: c.req.query()
+          };
+          if (error2 instanceof ApiError) {
+            extra["errorCode"] = error2.code;
+          }
+          errorContext.extra = extra;
+          Promise.resolve(
+            errorTransport.captureException(error2, errorContext)
+          ).catch(() => {
+          });
+        }
+      }
+      if (error2 instanceof ApiError) {
+        return c.json(error2.toResponse(), error2.statusCode);
+      }
+      const details = {};
+      if (includeStack && error2.stack) {
+        details["stack"] = error2.stack;
+      }
+      return c.json(
+        error("INTERNAL_ERROR", "An unexpected error occurred", details),
+        500
+      );
+    }
+  };
+}
+function notFoundHandler(c) {
+  return c.json(
+    error("NOT_FOUND", `Route ${c.req.method} ${c.req.path} not found`),
+    404
+  );
+}
+
+// src/middleware/auth.ts
+function extractToken(c, header, prefix, cookie) {
+  const authHeader = c.req.header(header);
+  if (authHeader) {
+    if (prefix && authHeader.startsWith(`${prefix} `)) {
+      return authHeader.slice(prefix.length + 1);
+    }
+    return authHeader;
+  }
+  if (cookie) {
+    const cookieHeader = c.req.header("cookie");
+    if (cookieHeader) {
+      const cookies = cookieHeader.split(";").map((c2) => c2.trim());
+      for (const c2 of cookies) {
+        const [key, ...valueParts] = c2.split("=");
+        if (key === cookie) {
+          return valueParts.join("=");
+        }
+      }
+    }
+  }
+  return null;
+}
+function auth(options) {
+  const {
+    verify,
+    header = "authorization",
+    prefix = "Bearer",
+    cookie,
+    skip,
+    message = "Authentication required"
+  } = options;
+  return async (c, next) => {
+    if (skip?.(c)) {
+      return next();
+    }
+    const token = extractToken(c, header, prefix, cookie);
+    if (!token) {
+      throw new UnauthorizedError(message);
+    }
+    const payload = await verify(token);
+    if (!payload) {
+      throw new UnauthorizedError("Invalid or expired token");
+    }
+    const user = {
+      id: payload.sub,
+      email: payload.email,
+      tenantId: payload.tenantId,
+      role: payload.role,
+      permissions: payload.permissions ?? []
+    };
+    c.set("user", user);
+    await next();
+  };
+}
+function optionalAuth(options) {
+  const { verify, header = "authorization", prefix = "Bearer", cookie, skip } = options;
+  return async (c, next) => {
+    if (skip?.(c)) {
+      return next();
+    }
+    const token = extractToken(c, header, prefix, cookie);
+    if (token) {
+      try {
+        const payload = await verify(token);
+        if (payload) {
+          const user = {
+            id: payload.sub,
+            email: payload.email,
+            tenantId: payload.tenantId,
+            role: payload.role,
+            permissions: payload.permissions ?? []
+          };
+          c.set("user", user);
+        }
+      } catch {
+      }
+    }
+    await next();
+  };
+}
+function createAuthMiddleware(baseOptions) {
+  return {
+    auth: (options) => auth({ ...baseOptions, ...options }),
+    optionalAuth: (options) => optionalAuth({ ...baseOptions, ...options })
+  };
+}
+
+// src/middleware/cors.ts
+var defaultCorsConfig = {
+  origin: "*",
+  credentials: false,
+  methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
+  allowedHeaders: ["Content-Type", "Authorization", "X-Request-ID", "X-CSRF-Token"],
+  exposedHeaders: ["X-Request-ID", "X-Total-Count"],
+  maxAge: 86400
+  // 24 hours
+};
+function isOriginAllowed(origin, config) {
+  if (config.origin === "*") return true;
+  if (typeof config.origin === "string") {
+    return origin === config.origin;
+  }
+  if (Array.isArray(config.origin)) {
+    return config.origin.includes(origin);
+  }
+  if (typeof config.origin === "function") {
+    return config.origin(origin);
+  }
+  return false;
+}
+function cors(config) {
+  const corsConfig = { ...defaultCorsConfig, ...config };
+  return async (c, next) => {
+    const origin = c.req.header("origin") ?? "";
+    if (c.req.method === "OPTIONS") {
+      const response = new Response(null, { status: 204 });
+      if (isOriginAllowed(origin, corsConfig)) {
+        response.headers.set("Access-Control-Allow-Origin", origin || "*");
+      }
+      if (corsConfig.credentials) {
+        response.headers.set("Access-Control-Allow-Credentials", "true");
+      }
+      if (corsConfig.methods) {
+        response.headers.set(
+          "Access-Control-Allow-Methods",
+          corsConfig.methods.join(", ")
+        );
+      }
+      if (corsConfig.allowedHeaders) {
+        response.headers.set(
+          "Access-Control-Allow-Headers",
+          corsConfig.allowedHeaders.join(", ")
+        );
+      }
+      if (corsConfig.maxAge) {
+        response.headers.set("Access-Control-Max-Age", String(corsConfig.maxAge));
+      }
+      return response;
+    }
+    await next();
+    if (isOriginAllowed(origin, corsConfig)) {
+      c.header("Access-Control-Allow-Origin", origin || "*");
+    }
+    if (corsConfig.credentials) {
+      c.header("Access-Control-Allow-Credentials", "true");
+    }
+    if (corsConfig.exposedHeaders) {
+      c.header("Access-Control-Expose-Headers", corsConfig.exposedHeaders.join(", "));
+    }
+  };
+}
+
+// src/middleware/csrf.ts
+function generateRandomToken() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function getCookie(c, name) {
+  const cookieHeader = c.req.header("cookie");
+  if (!cookieHeader) return void 0;
+  const cookies = cookieHeader.split(";").map((c2) => c2.trim());
+  for (const cookie of cookies) {
+    const [key, ...valueParts] = cookie.split("=");
+    if (key === name) {
+      return valueParts.join("=");
+    }
+  }
+  return void 0;
+}
+function csrf(options = {}) {
+  const {
+    cookieName = "_csrf",
+    headerName = "x-csrf-token",
+    methods = ["POST", "PUT", "PATCH", "DELETE"],
+    excludePaths = [],
+    skip,
+    generateToken = generateRandomToken,
+    cookie = {}
+  } = options;
+  const cookieOptions = {
+    secure: cookie.secure ?? true,
+    httpOnly: cookie.httpOnly ?? true,
+    sameSite: cookie.sameSite ?? "lax",
+    path: cookie.path ?? "/",
+    maxAge: cookie.maxAge ?? 86400
+    // 24 hours
+  };
+  return async (c, next) => {
+    if (skip?.(c)) {
+      return next();
+    }
+    const path = c.req.path;
+    if (excludePaths.some((p) => path.startsWith(p))) {
+      return next();
+    }
+    let token = getCookie(c, cookieName);
+    if (!token) {
+      token = generateToken();
+      const cookieValue = [
+        `${cookieName}=${token}`,
+        `Path=${cookieOptions.path}`,
+        `Max-Age=${cookieOptions.maxAge}`,
+        cookieOptions.sameSite && `SameSite=${cookieOptions.sameSite}`,
+        cookieOptions.secure && "Secure",
+        cookieOptions.httpOnly && "HttpOnly"
+      ].filter(Boolean).join("; ");
+      c.header("Set-Cookie", cookieValue);
+    }
+    c.set("csrfToken", token);
+    if (methods.includes(c.req.method)) {
+      const headerToken = c.req.header(headerName);
+      const bodyToken = await getBodyToken(c);
+      const providedToken = headerToken ?? bodyToken;
+      if (!providedToken || providedToken !== token) {
+        throw new ForbiddenError("Invalid CSRF token");
+      }
+    }
+    await next();
+  };
+}
+async function getBodyToken(c) {
+  try {
+    const contentType = c.req.header("content-type") ?? "";
+    if (contentType.includes("application/json")) {
+      const body = await c.req.json();
+      return body["_csrf"] ?? body["csrfToken"] ?? body["csrf_token"];
+    }
+    if (contentType.includes("application/x-www-form-urlencoded")) {
+      const body = await c.req.parseBody();
+      return body["_csrf"];
+    }
+  } catch {
+  }
+  return void 0;
+}
+function doubleSubmitCookie(options = {}) {
+  return csrf({
+    ...options,
+    cookie: {
+      ...options.cookie,
+      httpOnly: false
+      // Allow JS to read the cookie
+    }
+  });
+}
+
+// src/middleware/rate-limit.ts
+var MemoryRateLimitStorage = class {
+  store = /* @__PURE__ */ new Map();
+  async get(key) {
+    const entry = this.store.get(key);
+    if (!entry || entry.expires < Date.now()) {
+      return 0;
+    }
+    return entry.count;
+  }
+  async increment(key, windowMs) {
+    const now = Date.now();
+    const entry = this.store.get(key);
+    if (!entry || entry.expires < now) {
+      this.store.set(key, { count: 1, expires: now + windowMs });
+      return 1;
+    }
+    entry.count++;
+    return entry.count;
+  }
+  async reset(key) {
+    this.store.delete(key);
+  }
+  /** Clean up expired entries */
+  cleanup() {
+    const now = Date.now();
+    for (const [key, entry] of this.store) {
+      if (entry.expires < now) {
+        this.store.delete(key);
+      }
+    }
+  }
+};
+var defaultStorage = null;
+function getDefaultStorage() {
+  if (!defaultStorage) {
+    defaultStorage = new MemoryRateLimitStorage();
+  }
+  return defaultStorage;
+}
+function rateLimit(options = {}) {
+  const {
+    windowMs = 60 * 1e3,
+    // 1 minute
+    max = 100,
+    keyGenerator = defaultKeyGenerator,
+    skip,
+    storage = getDefaultStorage(),
+    message = "Too many requests, please try again later",
+    headers = true,
+    onLimitReached
+  } = options;
+  return async (c, next) => {
+    if (skip?.(c)) {
+      return next();
+    }
+    const key = `ratelimit:${keyGenerator(c)}`;
+    const current = await storage.increment(key, windowMs);
+    if (headers) {
+      c.header("X-RateLimit-Limit", String(max));
+      c.header("X-RateLimit-Remaining", String(Math.max(0, max - current)));
+      c.header("X-RateLimit-Reset", String(Math.ceil((Date.now() + windowMs) / 1e3)));
+    }
+    if (current > max) {
+      if (onLimitReached) {
+        onLimitReached(c, key);
+      }
+      const retryAfter = Math.ceil(windowMs / 1e3);
+      c.header("Retry-After", String(retryAfter));
+      throw new RateLimitError(message, retryAfter);
+    }
+    await next();
+  };
+}
+function defaultKeyGenerator(c) {
+  return c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ?? c.req.header("x-real-ip") ?? c.req.header("cf-connecting-ip") ?? "unknown";
+}
+function createRateLimiter(options = {}) {
+  const storage = options.storage ?? getDefaultStorage();
+  return {
+    middleware: rateLimit({ ...options, storage }),
+    storage,
+    reset: (key) => storage.reset(`ratelimit:${key}`),
+    get: (key) => storage.get(`ratelimit:${key}`)
+  };
+}
+
+// src/middleware/request-logger.ts
+function formatBytes(bytes) {
+  if (bytes < 1024) return `${bytes}B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
+}
+function requestLogger(options = {}) {
+  const {
+    skip,
+    format = "json",
+    includeBody = false,
+    maxBodyLength = 1e3
+  } = options;
+  return async (c, next) => {
+    if (skip?.(c)) {
+      return next();
+    }
+    const start = Date.now();
+    const logger = c.get("logger");
+    const requestId = c.get("requestId");
+    const method = c.req.method;
+    const path = c.req.path;
+    const query = c.req.query();
+    const userAgent = c.req.header("user-agent");
+    const ip = c.req.header("x-forwarded-for") ?? c.req.header("x-real-ip") ?? "unknown";
+    if (format === "json") {
+      logger?.debug("Request started", {
+        requestId,
+        method,
+        path,
+        query: Object.keys(query).length > 0 ? query : void 0,
+        ip,
+        userAgent
+      });
+    }
+    let requestBody;
+    if (includeBody && ["POST", "PUT", "PATCH"].includes(method)) {
+      try {
+        const contentType = c.req.header("content-type") ?? "";
+        if (contentType.includes("application/json")) {
+          const body = await c.req.text();
+          requestBody = body.length > maxBodyLength ? body.substring(0, maxBodyLength) + "..." : body;
+        }
+      } catch {
+      }
+    }
+    await next();
+    const duration = Date.now() - start;
+    const status = c.res.status;
+    const contentLength = c.res.headers.get("content-length");
+    const size = contentLength ? parseInt(contentLength, 10) : 0;
+    if (format === "json") {
+      const logData = {
+        requestId,
+        method,
+        path,
+        status,
+        duration: `${duration}ms`,
+        size: formatBytes(size)
+      };
+      if (requestBody) {
+        logData["requestBody"] = requestBody;
+      }
+      if (status >= 500) {
+        logger?.error("Request completed", logData);
+      } else if (status >= 400) {
+        logger?.warn("Request completed", logData);
+      } else {
+        logger?.info("Request completed", logData);
+      }
+    } else if (format === "combined") {
+      const log = `${ip} - - [${(/* @__PURE__ */ new Date()).toISOString()}] "${method} ${path}" ${status} ${size} "-" "${userAgent}" ${duration}ms`;
+      console.log(log);
+    } else {
+      const log = `${method} ${path} ${status} ${duration}ms`;
+      console.log(log);
+    }
+  };
+}
+
+// src/middleware/tracing.ts
+function parseTraceparent(header) {
+  const match = header.match(
+    /^([0-9a-f]{2})-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})$/i
+  );
+  if (!match) return null;
+  const [, version, traceId, parentId, flags] = match;
+  if (traceId === "00000000000000000000000000000000") return null;
+  if (parentId === "0000000000000000") return null;
+  return {
+    version,
+    traceId,
+    parentId,
+    traceFlags: parseInt(flags, 16)
+  };
+}
+function generateTraceId() {
+  const bytes = new Uint8Array(16);
+  crypto.getRandomValues(bytes);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function generateSpanId() {
+  const bytes = new Uint8Array(8);
+  crypto.getRandomValues(bytes);
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function createTraceparent(traceId, spanId, sampled = true) {
+  const flags = sampled ? "01" : "00";
+  return `00-${traceId}-${spanId}-${flags}`;
+}
+function tracing(options = {}) {
+  const {
+    headerName = "x-request-id",
+    generateId = generateRequestId,
+    propagate = false,
+    emitHeader = true,
+    trustIncoming = true
+  } = options;
+  return async (c, next) => {
+    let requestId;
+    if (trustIncoming) {
+      requestId = c.req.header(headerName) ?? generateId();
+    } else {
+      requestId = generateId();
+    }
+    c.set("requestId", requestId);
+    if (propagate) {
+      const traceparent = c.req.header("traceparent");
+      const tracestate = c.req.header("tracestate");
+      const spanId = generateSpanId();
+      c.set("spanId", spanId);
+      if (traceparent) {
+        const traceContext = parseTraceparent(traceparent);
+        if (traceContext) {
+          c.set("traceContext", traceContext);
+          if (tracestate) {
+            c.set("traceState", tracestate);
+          }
+        }
+      } else {
+        const traceId = generateTraceId();
+        c.set("traceContext", {
+          version: "00",
+          traceId,
+          parentId: spanId,
+          traceFlags: 1
+          // Sampled
+        });
+      }
+    }
+    if (emitHeader) {
+      c.header(headerName, requestId);
+    }
+    await next();
+  };
+}
+var tracingMiddleware = tracing;
+
+// src/middleware/usage-tracking.ts
+function usageTracking(options) {
+  const {
+    usageService,
+    featureKey = "api_calls",
+    quantity = 1,
+    skip,
+    trackOn = "response",
+    successOnly = true,
+    getCustomerId = (c) => c.get("user")?.id,
+    getTenantId = (c) => c.get("tenant")?.id ?? c.get("user")?.tenantId,
+    getSubscriptionId,
+    includeMetadata = true,
+    getIdempotencyKey
+  } = options;
+  return async (c, next) => {
+    if (trackOn === "request") {
+      await trackUsage(c);
+      return next();
+    }
+    await next();
+    if (skip?.(c)) return;
+    if (successOnly && c.res.status >= 400) return;
+    await trackUsage(c);
+  };
+  async function trackUsage(c) {
+    const customerId = getCustomerId(c);
+    const tenantId = getTenantId(c);
+    if (!customerId || !tenantId) return;
+    const resolvedFeatureKey = typeof featureKey === "function" ? featureKey(c) : featureKey;
+    const resolvedQuantity = typeof quantity === "function" ? quantity(c) : quantity;
+    const metadata = includeMetadata ? {
+      path: c.req.path,
+      method: c.req.method,
+      statusCode: c.res.status,
+      userAgent: c.req.header("user-agent")
+    } : void 0;
+    try {
+      const trackOptions = {
+        tenantId,
+        customerId,
+        featureKey: resolvedFeatureKey,
+        quantity: resolvedQuantity
+      };
+      const subscriptionId = getSubscriptionId?.(c);
+      if (subscriptionId !== void 0) {
+        trackOptions.subscriptionId = subscriptionId;
+      }
+      if (metadata !== void 0) {
+        trackOptions.metadata = metadata;
+      }
+      const idempotencyKey = getIdempotencyKey?.(c);
+      if (idempotencyKey !== void 0) {
+        trackOptions.idempotencyKey = idempotencyKey;
+      }
+      await usageService.trackUsage(trackOptions);
+    } catch (error2) {
+      const logger = c.get("logger");
+      if (logger) {
+        logger.error("Usage tracking failed", {
+          error: error2 instanceof Error ? error2.message : String(error2),
+          customerId,
+          featureKey: resolvedFeatureKey
+        });
+      }
+    }
+  }
+}
+function createUsageTracking(baseOptions) {
+  return (overrides) => {
+    return usageTracking({ ...baseOptions, ...overrides });
+  };
+}
+
+// src/middleware/quota-enforcement.ts
+var QuotaExceededError = class extends Error {
+  constructor(featureKey, limit, currentUsage, requestedQuantity = 1) {
+    super(
+      `Quota exceeded for "${featureKey}": ${currentUsage}/${limit ?? "unlimited"} used`
+    );
+    this.featureKey = featureKey;
+    this.limit = limit;
+    this.currentUsage = currentUsage;
+    this.requestedQuantity = requestedQuantity;
+    this.name = "QuotaExceededError";
+  }
+  statusCode = 429;
+  code = "QUOTA_EXCEEDED";
+};
+function quotaEnforcement(options) {
+  const {
+    quotaManager,
+    featureKey,
+    quantity = 1,
+    skip,
+    getCustomerId = (c) => c.get("user")?.id,
+    includeHeaders = true,
+    onQuotaExceeded,
+    softLimit = false,
+    onQuotaWarning
+  } = options;
+  return async (c, next) => {
+    if (skip?.(c)) {
+      return next();
+    }
+    const customerId = getCustomerId(c);
+    if (!customerId) {
+      return next();
+    }
+    const resolvedFeatureKey = typeof featureKey === "function" ? featureKey(c) : featureKey;
+    const resolvedQuantity = typeof quantity === "function" ? quantity(c) : quantity;
+    try {
+      const result = await quotaManager.checkQuota(
+        customerId,
+        resolvedFeatureKey,
+        resolvedQuantity
+      );
+      if (includeHeaders) {
+        c.header("X-Quota-Limit", String(result.limit ?? "unlimited"));
+        c.header("X-Quota-Remaining", String(result.remaining ?? "unlimited"));
+        c.header("X-Quota-Used", String(result.currentUsage));
+        if (result.percentAfter !== null) {
+          c.header("X-Quota-Percent", String(result.percentAfter));
+        }
+      }
+      if (result.percentAfter !== null && result.percentAfter >= 80 && onQuotaWarning) {
+        onQuotaWarning(c, result, resolvedFeatureKey);
+      }
+      if (!result.allowed && !softLimit) {
+        if (onQuotaExceeded) {
+          const response = onQuotaExceeded(c, result, resolvedFeatureKey);
+          if (response) return response;
+        }
+        throw new QuotaExceededError(
+          resolvedFeatureKey,
+          result.limit,
+          result.currentUsage,
+          resolvedQuantity
+        );
+      }
+      await next();
+    } catch (error2) {
+      if (error2 instanceof QuotaExceededError) {
+        throw error2;
+      }
+      const logger = c.get("logger");
+      if (logger) {
+        logger.error("Quota check failed", {
+          error: error2 instanceof Error ? error2.message : String(error2),
+          customerId,
+          featureKey: resolvedFeatureKey
+        });
+      }
+      await next();
+    }
+  };
+}
+function createQuotaEnforcement(baseOptions) {
+  return (featureKey) => {
+    return quotaEnforcement({ ...baseOptions, featureKey });
+  };
+}
+function multiQuotaEnforcement(options) {
+  const { features } = options;
+  return async (c, next) => {
+    const customerId = (options.getCustomerId ?? ((ctx) => ctx.get("user")?.id))(c);
+    if (!customerId || options.skip?.(c)) {
+      return next();
+    }
+    for (const feature of features) {
+      const resolvedQuantity = typeof feature.quantity === "function" ? feature.quantity(c) : feature.quantity ?? 1;
+      const result = await options.quotaManager.checkQuota(
+        customerId,
+        feature.featureKey,
+        resolvedQuantity
+      );
+      if (!result.allowed && !options.softLimit) {
+        if (options.onQuotaExceeded) {
+          const response = options.onQuotaExceeded(c, result, feature.featureKey);
+          if (response) return response;
+        }
+        throw new QuotaExceededError(
+          feature.featureKey,
+          result.limit,
+          result.currentUsage,
+          resolvedQuantity
+        );
+      }
+    }
+    await next();
+  };
+}
+export {
+  ApiError,
+  BadRequestError,
+  ConflictError,
+  ForbiddenError,
+  InternalError,
+  MemoryRateLimitStorage,
+  NotFoundError,
+  QuotaExceededError,
+  RateLimitError,
+  ServiceUnavailableError,
+  UnauthorizedError,
+  ValidationError,
+  auth,
+  cors,
+  createAuthMiddleware,
+  createQuotaEnforcement,
+  createRateLimiter,
+  createTraceparent,
+  createUsageTracking,
+  csrf,
+  doubleSubmitCookie,
+  errorHandler,
+  generateSpanId,
+  generateTraceId,
+  multiQuotaEnforcement,
+  notFoundHandler,
+  optionalAuth,
+  parseTraceparent,
+  quotaEnforcement,
+  rateLimit,
+  requestLogger,
+  tracing,
+  tracingMiddleware,
+  usageTracking
+};
+//# sourceMappingURL=index.js.map